Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
MV SEA CALYPSO.xls
-
Size
1.1MB
-
Sample
230920-jqq3eaha38
-
MD5
8b4e0b87572717cfd3f2ae76df8bb81c
-
SHA1
40ffb77814149ac091e855d05efa3ae0c1193158
-
SHA256
e27d7f51f333c66888b58f1baf06c3055787212fd0ff90b2a52de6e221ee4a7c
-
SHA512
d8449da9d9eda3dd7c2fe8d2587bd7de9c36683f57b630eba06085842874cbad22e1a7f0d82479a65530e18408de159464a8a23cdc844d2ca5d93cbdb604a4bc
-
SSDEEP
24576:FWQmmav30xSZy6w6VH6NXFZyLw6V56NHsz5vVQcTAZeiyfSwIN:EQmmQ306+6Va1P6VgaVVrTgyqD
Malware Config
Extracted
lokibot
http://mous.midlandpaper.icu/_errorpages/mous/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
MV SEA CALYPSO.xls
-
Size
1.1MB
-
MD5
8b4e0b87572717cfd3f2ae76df8bb81c
-
SHA1
40ffb77814149ac091e855d05efa3ae0c1193158
-
SHA256
e27d7f51f333c66888b58f1baf06c3055787212fd0ff90b2a52de6e221ee4a7c
-
SHA512
d8449da9d9eda3dd7c2fe8d2587bd7de9c36683f57b630eba06085842874cbad22e1a7f0d82479a65530e18408de159464a8a23cdc844d2ca5d93cbdb604a4bc
-
SSDEEP
24576:FWQmmav30xSZy6w6VH6NXFZyLw6V56NHsz5vVQcTAZeiyfSwIN:EQmmQ306+6Va1P6VgaVVrTgyqD
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-